Target Settles With 47 Attorneys General Over 2013 Hack.

One of the biggest hacks in history was the Target credit hack of winter 2013, which affected approximately 60 million people. Four years later, Target is finally putting the situation behind, settling legal action brought to it by 47 states. The amount: $18.5 million. This does not include the many millions the Minnesota-based retailer paid […] read more

Global Malware Emergency Shows Why Backdoors Are Dangerous.

The big data security news this week is, of course, the WannaCry ransomware situation that reared its head last Friday, continued to grow over the weekend, and threatened to really become something had it not been for a serendipity: a kill-switch, possibly a mistake, baked into the malware. Many organizations and traditional news outlets have […] read more

HIPAA/HITECH Doesn’t Require You To Be Perfect, But It Does Expect You To Follow The Rules.

A couple of recent Department of Health and Human Services (HHS) legal settlements emphasize paperwork over security, showing that a healthcare entity’s approach to safeguarding data must be holistic: yes, you need to use encryption, and lock doors, and hide screens from potential medical data peeping-toms…but you also need to make sure that you’ve followed […] read more

Tennessee Updates Law That Required Notification For Encrypted Personal Data Loss.

In 2016, Tennessee created something of a legal furor when it became the first state to require data breach notifications (DBN) even if the lost or stolen data was protected with encryption. Earlier this month, a new law took effect that “clarifies [this] confusion” for companies: they are not required to send DBNs if the […] read more

Israel Introducing Data Breach Notification Law.

It was reported last week that Israel introduced mandatory data security and breach notification requirements into its law books. The law is expected to go into full effect next year. Business of all types – be they global, multinational companies or the barber shop down the street – will be affected by the new regulations. […] read more

New Mexico Now Has A Data Breach Notification Bill.

New Mexico will be the latest US state to add a data breach notification law to its books. Once the bill officially becomes a law, only two states – Alabama and South Dakota – will remain outsiders to the crazy idea that people should be notified if their personal data is hacked. You can read […] read more

Data Breach Results In Loss Of $350 Million in Yahoo-Verizon Deal.

Last week, Verizon finally decided to go forward with the acquisition of Yahoo, the perennial would-be comeback internet search and media company. The deal, announced last year, saw an unusual delay when Yahoo revealed that it had been hacked, the largest data breach in history as of then. This was followed a couple of months […] read more

Horizon BCBSNJ HIPAA Charge Over Two Laptops Settled For $1.1 Million.

Horizon Blue Cross Blue Shield of New Jersey (Horizon BCBSNJ) has settled a data breach that affected approximately 690,000 New Jersey residents. This data breach was noted on this blog not too long ago: In January, the Third Circuit Appellate Court declared that a lawsuit against the insurer could proceed because the “improper disclosure” of […] read more

Australia Finally Gets A Data Breach Notification Law.

The Land Down Under is finally getting a data breach notification law. This should come as a surprise to many since (a) many would have assumed that Australia already has one and (b) it’s 2017 – unless you’re a war-ravaged country, chances you have a breach notification law. Because that’s how bad things are on […] read more

Children’s Medical Center of Dallas Pays $3.2 Million To Settle HIPAA Violations.

The Children’s Medical Center of Dallas (Children’s) recently settled with the US Department of Health and Human Services (HHS) over multiple failures to encrypt sensitive data in mobile devices. The settlement – $3.2 million dollars – is quite the figure, as is the timeline involved: It looks like an investigation could have been started as […] read more